12/16/2011
SYS211 e-Le@rning: Netgard Secure Scanning for U.S. DOD and Federal Agencies
Presenter: Henry Gold
Business Area Manager
API Technologies
Before we begin…
Please silence your cell phones
Keep background noise to a minimum
Do not put your phone on HOLD
Please let the instructor know if anyone else is sitting in with you
Toshiba Academy Systems e-Le@rning Program
The phone audio will be muted - Please save questions until the end or submit text-based questions as we move through the presentation
Have questions?
Submit text-based questions via the Q&A pod
Your Status
Throughout the program, we will ask you to respond by indicating your “Status.”
When asked please use the “Status Options” drop-down button, located at the top of your screen.
Set your status now by indicating: “Agree”
e-Le@rning Goals
The goals of today’s e-Le@rning session are…
Introduce the new Netgard MFD security solution that will help facilitate sales to U.S. DOD (and soon civilian agencies)
How does Netgard relate to GSA?
Reduce your sales cycle
Provide you with product training to get you started with Netgard MFD
e-Le@rning Objectives
Upon completion of this course, you will be able to:
Build your knowledge of a key Security requirement to deploy systems to the U.S. DOD and Civilian Agencies
Give you the tools needed to close business with the U.S. Gov.
Provide the necessary skills to install this solution
Agenda
1. API Technologies Introduction
2. Netgard™ Overview
3. Physical Installation and Technical Overview
4. Live Q&A Discussion
API Technologies Introduction
Who is API Technologies?
Featured Customers
The Customer Need
Toshiba Academy MPS Certification Program
Company Snapshot
Prime contractor in sophisticated electronics, highly engineered systems, secure communications and electronic components and subsystems to the global defense and aerospace industries
Publicly traded (ATNY.OB)
Revenues of over $380M
2000 Employees
Key product focus
Defense & Aerospace Products & Services
Systems & Engineering Services
Secure Communications Products & Services
Components & Subsystems
Featured Customers
US & International Government Agencies
Leading Government & Defense Contractors
The Customer Need
DOD Requirement:
All multi-function devices (MFDs) that can transmit scan jobs over the LAN must be secured by a Common Access Card (CAC) that will verify and authorize the user before a scan-to-network function is permitted (STIG)
Expanding security to “Copy” function & “Print Release”
Seeing requirement at Civilian Agencies HSPD-12 (PIV card)
CAC & SMARTCARD Deployments
17 million cards issued to date
5.5 million active cards are in use today
Today CACs are:
The standard at more than 1,000 sites
Used in over 25 countries
To date the DoD has deployed over 1 million card readers and associated middleware around the world
Netgard Overview
How it works
Authentication Options
Value Proposition
Netgard: How it Works
End user brings their CAC card to our device
They insert their CAC card in the reader
They enter their PIN number
The server verifies credentials (OCSP/LDAP/AD)
Operation Panel Access Granted
OR
Operation Panel Access Denied
[Figure: MFP operation panel buttons: Status/Job, Copy, Send, Document Box, Program, Application, Cancel]
Connectivity
• Simple, in‐line Ethernet connection
• Web‐based remote admin
• Integrates with Active Directory and/or PKI
• Supports CAC PIN, X.509 certificate, LDAP, PKI and OCSP
Live Video Demonstration
Important Facts
Conforms to DoD requirements
Works with all major copier models
Support for CAC/PIV V1 & V2
Special security features:
FIPS 140-2 & 201
Email encryption & signing
Confirms identity of sender
Added security on Scan-to-Email feature replaces the “From” “Reply-to” and “Sender” fields with CAC user’s email address (obtained from CAC or LDAP)
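The Scan-to-Email sender binding described above, as an added Python example (not API Technologies' code; the function names, the sample message and the example.mil addresses are constructed for illustration). It overwrites the three identity headers with the authenticated address and includes the matching check a mail gateway could run.

```python
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Headers the slide says are replaced with the CAC user's address.
IDENTITY_HEADERS = ("From", "Reply-To", "Sender")

def bind_sender(raw_message: str, cac_email: str) -> Message:
    """Return the message with every identity header set to cac_email."""
    # Refuse anything that is not one bare mailbox (blocks header injection).
    if any(c in cac_email for c in "\r\n") or "@" not in cac_email \
            or parseaddr(cac_email)[1] != cac_email:
        raise ValueError("authenticated address is not a single mailbox")
    msg = message_from_string(raw_message)
    for header in IDENTITY_HEADERS:
        del msg[header]            # drops every occurrence; no error if absent
        msg[header] = cac_email
    return msg

def spoofed_headers(raw_message: str, cac_email: str) -> list:
    """Detection side: identity headers that do not match the CAC user."""
    msg = message_from_string(raw_message)
    bad = []
    for header in IDENTITY_HEADERS:
        for value in msg.get_all(header, []):
            if parseaddr(value)[1].lower() != cac_email.lower():
                bad.append(header)
    return bad

# Constructed sample: a scan job whose sender fields were typed at the panel.
SAMPLE = (
    "From: Commander <co@example.mil>\r\n"
    "Reply-To: someone.else@example.com\r\n"
    "To: records@example.mil\r\n"
    "Subject: Scanned document\r\n"
    "\r\n"
    "See attachment.\r\n"
)

if __name__ == "__main__":
    user = "jane.doe@example.mil"   # address read from the CAC or LDAP (assumed)
    print("before:", spoofed_headers(SAMPLE, user))
    fixed = bind_sender(SAMPLE, user)
    print("after: ", spoofed_headers(fixed.as_string(), user))
```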
Netgard Customers / Deployments
Over 3000 Netgard™ devices are currently deployed in all branches of armed services:
Air Force (Andrews, Ramstein, Bolling & Hill AFB)
Army (Aberdeen, Fort Collins)
Army National Guard
Army Reserves
Navy (Jabuti Naval Base)
DAPS/DLA
Configurable Authentication Options
PIN (Default, Always ON)
User’s PIN is used to unlock the CAC.
X509 validation (requires issuer certificate)
CAC certificate Challenge/response
Requires issuer certificate
OCSP
User’s certificate is sent to OCSP server for revocation check.
Requires issuer certificate
LDAP/LDAPS (anonymous and non-anonymous)
LDAP lookup is performed to ensure the user is valid
LDAPS requires server certificate
Non-anonymous lookup requires username and password
Kerberos
Network PKI authentication
How Does the Netgard Affect the Printer/MFP?
No adjustment to the Copier/MFP is required – the Netgard MFD connects the MFP to the LAN and handles all network traffic control.
Windows users see no difference when they print to the Copier/MFP or add a printer.
Administrators may connect to Copier/MFP and manage it using the browser interface as normal.
Other Copier/MFP communication, like the Printer Monitor Utility (SNMP based), is unaffected as well.
Value Proposition
Quick to market CAC/PIV – Secures Scan to Network.
No custom development needed on MFD
MFD agnostic
Easy to deploy
With over 3000 devices deployed…field tested
Significant investment – core competency
Priced right
Additional Points
Next release will support GSA PIV (1st half 2012)
Secure Print Release - Print to cloud with NSI
Scan to home – Utilizes NSI Autostore
Physical Installation
Let’s Install Netgard
Connectivity and Physical Connections
Local Access Via IP Connection
Basic Configuration
Setup of MFP
Advanced Authentication Options
Netgard Maintenance
Pre-Installation Checklist
Troubleshooting
Connectivity
Physical Connection
Make connections
Connect CAC Reader to USB port
Connect base network to LAN port
Connect copier to DEV port
Connect computer to MGMT port (no crossover needed)
Connect Vend cable via USB port (optional)
Power up unit (~60 seconds to boot)
Initial Install Requires Local Access Via IP Connection
Administering Netgard MFD
Administer Netgard by plugging directly into the Ethernet Management (MGMT) port.
Set computer IP to:
IP: 192.168.20.20
Subnet: 255.255.255.0
Gateway: 192.168.20.1
Use Firefox web browser to administer Netgard
https://192.168.20.1:8080
Login information
ID: admin
Password: password
For additional details see the quick install guide.
GUI
Netgard Homepage
Tour of UI
Basic Configuration
Network configuration (Step #1)
Click on the “Network” Tab
Set IP addresses
Set the Netgard’s LAN Address. If DHCP write down the IP address.
Tell the Netgard the IP address of the Printer
Click the “Apply” button
Set Copier IP:
IP: 192.168.10.30
Subnet: 255.255.255.0
GW: 192.168.10.1
Additional configuration optional
Scan Setup (Step #2)
Click on the “Scan Setup” button
Enable Required functionality
Email
Set SMTP server IP
Scan to self?
Encryption & Signing
FTP
Append file header name?
Click the “Apply” button
Scan Setup (Step #2 cont.)
Enable SMB
Open F/W when CAC authenticated?
Set NSI/Autostore information
Click the “Apply” button
Netgard Admin (Optional)
Click on the “Admin” tab
Turn on Management port on LAN port to administer Netgard remotely
Define an ACL
User Administration
Click on the Admin->Users tab.
Add a new “Admin” level user
Delete the default admin user.
Initial Netgard Configuration Complete…. Now Setup MFP
MFP Configuration
Set Copier IP address to address configured in the first step (default = 192.168.10.30)
Setup Scan to Network functionality
Same configuration as if copier was sitting on customer network.
If Email set to “Send to Self” add one “Destination”
IP Configuration on e-STUDIO MFP
IP address = 192.168.10.30
Subnet Mask= 255.255.255.0
Gateway = 192.168.10.1
Test Basic Functionality
Authenticate with a CAC and test
Scan to email, Scan to SMB, Scan to FTP
Perform same test without CAC
Browse to Copier
Use “LAN” IP address of Netgard (http://10.10.3.153)
Test Print functionality
Use “LAN” IP address of Netgard
Advanced Authentication Options
Authentication Screen
• Authentication Options
• X.509 – Local certificate authentication
• OCSP – Revocation List
• LDAP – Active Directory Lookup
• Kerberos – Authentication
Additional Configuration for X.509
Click on Scan Setup-> Certificates button
Upload Certificates (chain of trust)
“Upload Trusted Certificates” button on the right hand side
Certificates must be in Base-64 encoded format (pem file extension)
Point the Netgard to a NTP server to ensure the Date/Time is properly set (Admin->Time Zone)
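A pre-upload check for the PEM requirement above, as an added example that is not part of the Netgard product: it accepts a binary DER file or a PEM bundle (root plus intermediates) and returns PEM text. The function names are hypothetical and the sample bytes are constructed; only the outer DER framing is checked, not signatures or validity dates.

```python
import base64
import re
import ssl

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

# Constructed placeholder: a DER SEQUENCE header plus 256 zero bytes (not a real cert).
CONSTRUCTED_DER = b"\x30\x82\x01\x00" + bytes(256)

def der_sequence_ok(der: bytes) -> bool:
    """True if der is exactly one DER SEQUENCE, the outer shell of a certificate."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                        # short-form length
        header, length = 2, first
    else:                                   # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def to_pem_bundle(data: bytes) -> list:
    """Return each certificate in data as a PEM string; raise if any is unusable."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:                              # already PEM, possibly a whole chain
        ders = [base64.b64decode(b"".join(b.split()), validate=True)
                for b in blocks]
    else:                                   # treat as one binary DER file (.cer/.der)
        ders = [data]
    if not all(der_sequence_ok(d) for d in ders):
        raise ValueError("not a PEM or DER certificate file")
    return [ssl.DER_cert_to_PEM_cert(d) for d in ders]

if __name__ == "__main__":
    pem = to_pem_bundle(CONSTRUCTED_DER)[0]
    print(pem.splitlines()[0])
    print(len(to_pem_bundle((pem + pem).encode())), "certificates in bundle")
```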
Netgard Maintenance
Configuration Management
Go to the Admin->Utilities
Backup and restore a device configuration
Perform a Netgard Upgrade
Reboot the device
Pre-Installation Check List
Pre-Installation Checklist
Netgard IP address (Subnet & Mask)
May need to provide MAC address
DNS IP
SMTP IP address
NTP IP
Root & intermediate certificates
OCSP URL
LDAP information
IP, Login, Search details
CAC card available for testing
Troubleshooting
Can’t Get to Management Port?
1) Check Computer’s IP address
IP: 192.168.20.20
Subnet: 255.255.255.0
Gateway: 192.168.20.1
2) Confirm that your computer IP address changed:
Open Command Window (run>CMD)
At the prompt type IPCONFIG
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.20.20
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1
3) Start a New web browser session (Firefox)
Ensure that the URL is correct https://192.168.20.1:8080
Diagnostics & Logs
Troubleshooting Scan to Email
Confirm that the Netgard configuration is correct:
Email configuration
Scan Setup->Scan to Network->Enable Email
Scan Setup->Scan to Network->Server IP address correct
Copier device (Network->Configuration->Copier IP Address)
Confirm that the Netgard can ping the copier & SMTP server
Take Netgard out of loop to ensure copier setup
Confirm that the user successfully completed the CAC authentication.
Reader displays “Ready to Scan”
Capture email session to determine root cause
Monitoring->Diagnostics->Packet Trace->Network Select (LAN and MFD)
Troubleshooting CAC authentication failure
Start off simple - Add layers of authentication to ensure configuration is correct
Confirm that the Netgard can ping the OCSP, LDAP server
Take Netgard out of loop to ensure copier setup
Capture failed authentication session to determine root cause
Monitoring->Diagnostics->Packet Trace->Network Select (LAN and MFD)
Wrap-up
Additional Materials from API Technologies
User Guide
Quick Install Guide
Installation & Configuration Videos
Product Catalog
Netgard MFD Community on Toshiba eXCHANGE
Software & Services > Security > Netgard MFD
API Technologies Netgard Technical Training Certification Process
1. There are no prerequisites for the course
2. A Tech ID is REQUIRED to access API Technologies Netgard CBT/Certification Test
If you do not have a Tech ID, please see your local FYI SIS Admin to add you to the Service Group and request a Tech ID at:
FYI > Training > Service > Dealer Administration > New Tech Application
3. Once you have a Tech ID, have your Service Manager enroll you in:
CBT course 12199: API Technologies Netgard
4. A dealer technical representative must pass the technical CBT to be eligible to purchase Netgard solution
API Technologies Netgard Sales Training Certification Process
Pass the “73. API Technologies Netgard Certification Final Exam” on FYI
FYI > Training > Sales > Testing > Product Knowledge Testing
Must score 80% or better to pass
Questions
Thank you for attending!
Product [email protected]
+1 (908) 546-3900 option 8
Henry Gold +1 (908) 546-3907
Eric Roskelly
Digital Training Manager
973-316-2700 Ext #42730
Please advise us if you have not registered!
Rob Troxel
Digital Training Manager
888-343-6245 Ext #5602
Dean Tamashiro
Digital Training Manager
949-462-6927